From dddf79798cb2f2f76bf4432aa90c8a3c61402db1 Mon Sep 17 00:00:00 2001
From: Aaron Rainbolt <arraybolt3@ubuntu.com>
Date: Sat, 27 Dec 2025 19:46:55 -0600
Subject: [PATCH] Document why we disable sudo DNS

---
 etc/sudoers.d/security-misc-desktop#security-misc-desktop | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/etc/sudoers.d/security-misc-desktop#security-misc-desktop b/etc/sudoers.d/security-misc-desktop#security-misc-desktop
index 2d478a8..cab7ca7 100644
--- a/etc/sudoers.d/security-misc-desktop#security-misc-desktop
+++ b/etc/sudoers.d/security-misc-desktop#security-misc-desktop
@@ -1,5 +1,6 @@
 ## Copyright (C) 2025 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
 ## See the file COPYING for copying conditions.
 
-## Don't attempt to determine the local machine's FQDN via DNS.
+## Don't attempt to determine the local machine's FQDN via DNS. This can leak
+## the machine's hostname in cleartext to the configured DNS server.
 Defaults !fqdn